from the take-a-stand dept

Swedish ISP Bahnhof has long been a supporter of keeping its customers' data private. Five years ago, we wrote about its decision to delete user log files to avoid having to rat out users under Sweden's draconian IPRED law (which required ISPs to hand over info on users accused of copyright infringement). However, various data retention laws were put in place to stop that sort of thing two years ago. So, it's not too surprising that, following the ruling this week in the EU Court of Justice that found the EU's data retention directive invalid, the ISP has acted swiftly to delete all user records and to cease collecting and retaining any more information.

After the decision in the European Court of Justice on Tuesday, the internet service provider Bahnhof decided to delete the records and to stop retaining the data with immediate effect.

That said, it may be a bit hasty for Bahnhof to have done this. As many people noted in response to the EU Court of Justice ruling, it was only ruling on the EU directive itself, and didn't directly apply to various laws passed in different countries to comply with that directive. Technically, those laws still apply -- and Swedish Justice Minister Beatrice Ask seems to imply that Bahnhof's decision broke the law.

But the minister is not pleased about Bahnhof's decision to stop all data retention immediately. "Swedish law still applies. It is not the case that you can start applying other conditions straight away. But of course we need to quickly consider what the consequences are so that everybody can get the right information," she said.

Still, it's nice to see Bahnhof, once again, make it clear that it doesn't want to be the custodian of information for law enforcement.

what is bad is that, as usual, the law makers are trying to say that this change via the ECJ doesn't mean what it says and that Bahnhof shouldn't have deleted the records yet. on the other hand, a court decision has made downloading for personal use in Holland illegal now, effective immediately! so explain why one law is implemented straight away, the one that gives something to the entertainment industries, and one isn't, the one that takes something from the entertainment industries. also remember that atm there is a levy on all media that can be used to download on to or that can be used to make copies on to. i bet the entertainment industries are going to go down the same, greedy, self-righteous route they always do and want to keep that levy intact!

Re:

Re: Re:

IANAL, but I believe that the difference is one of scope. In the case of the Netherlands' writable media levy, the ECJ directly struck down the national law. The data retention directive, on the other hand, is a EU directive which implemented by local laws in each member state. Since the directive was struck down each state must re-examine their implementations and ensure they comply with the ruling. Until they do so or the laws are struck down directly they remain in force.

The difference

What has been invalidated by the ECJ is a directive that EU member countries have to implement in their own laws. Those laws haven't been invalidated.

What happened in the Netherlands is not an invalidation of the law. There is no law around that allows downloading whatever people like. What there was was a levy on everything that could be used to store downloaded data/movies/music/etc. and then use the money from that levy to compensate rightholders This seemed more prudent then chasing everyone who performed a download.

Telecom authority says it will not apply data retention law

The Swedish Post and Telecom Authority made an announcement the other day that they will not take action against companies based on the data retention paragraphs in the national law. I believe this announcement was made after Bahnhof reached its decision, so Bahnhof still deserves a lot of credit for its principled stance.

We now seem to have a situation where the minister of justice, commenting on the verdict, says that still "Swedish law applies in Sweden" (highly unlikely if it violates human rights I'd say) and the regulatory authority contradicts that, saying that they can no longer apply the data retention related parts of the law.

Meanwhile representatives from the political parties that actively or passively (by not raising any legal objections) supported the data retention laws now write articles in Swedish newspapers claiming this is a victory and that they never wanted mass surveillance. The main representative on legal issues of the Center party expressed in a radio interview that they objected to the introduction of this legislation but was forced by the EU to vote for it in the Swedish parliament. He also said that it's important that the police have access to all this data. He seems essentially to be saying that we can't do mass surveillance, but the police must have access to mass surveillance data. I wish they could just make up their mind!

The Pirate Party has been trying to set the record straight, but I'm not sure how many that are reached by that message.

Yes, technically he broke the local law. But also technically, that law was "illegal" to begin with. So even if they try to sue them for breaking the local law, he'll win at the EU Court, which said these laws have been illegal from the beginning.

So no big deal. More ISPs should be this eager to get rid of their customers' illegally obtained data - if nothing else because soon we may see the reverse of this: ISP's getting sued for keeping their data with an illegal law.